Sublist3r - Fast Subdomains Enumeration Tool for Penetration Testers

Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT (Open-source intelligence). It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu, and Ask. Sublist3r also enumerates subdomains using Netcraft, Virustotal, ThreatCrowd, DNSdumpster, and ReverseDNS. Sublist3r currently supports Python 2 and Python 3.

SubBrute was integrated with Sublist3r to increase the possibility of finding more subdomains using bruteforce with an improved wordlist.

Installation:

git clone https://github.com/aboul3la/Sublist3r.git

Dependencies:

Sublist3r depends on the requests, dnspython, and argparse python modules.

These dependencies can be installed using the requirements file:

Installation on Windows:

c:\python27\python.exe -m pip install -r requirements.txt

Installation on Linux:

sudo pip install -r requirements.txt

Alternatively, each module can be installed independently as shown below.

Requests Module

Install for Windows:

c:\python27\python.exe -m pip install requests

Install for Ubuntu/Debian:

sudo apt-get install python-requests

Install for Centos/Redhat:

sudo yum install python-requests

Install using pip on Linux:

sudo pip install requests

dnspython Module

Install for Windows:

c:\python27\python.exe -m pip install dnspython

Install for Ubuntu/Debian:

sudo apt-get install python-dnspython

Install using pip:

sudo pip install dnspython

argparse Module

Install for Ubuntu/Debian:

sudo apt-get install python-argparse

Install for Centos/Redhat:

sudo yum install python-argparse

Install using pip:

sudo pip install argparse

For coloring in windows install the following libraries:

c:\python27\python.exe -m pip install win_unicode_console colorama

Usage:

-d --domain Domain name to enumerate subdomains of -b --bruteforce Enable the subbrute bruteforce module -p --ports Scan the found subdomains against specific tcp ports -v --verbose Enable the verbose mode and display results in realtime -t --threads Number of threads to use for subbrute bruteforce -e --engines Specify a comma-separated list of search engines -o --output Save the results to text file -h --help show the help message and exit

Examples:

To list all the basic options and switches use -h switch:

python sublist3r.py -h

To enumerate subdomains of specific domain:

python sublist3r.py -d example.com

To enumerate subdomains of specific domain and show only subdomains which have open ports 80 and 443 :

python sublist3r.py -d example.com -p 80,443

To enumerate subdomains of specific domain and show the results in realtime:

python sublist3r.py -v -d example.com

To enumerate subdomains and enable the bruteforce module:

python sublist3r.py -b -d example.com

To enumerate subdomains and use specific engines such Google, Yahoo and Virustotal engines